* Posts by Sitaram Chamarty

203 publicly visible posts • joined 30 Aug 2008

Page:

Silk Road's Dread Pirate Roberts walks free as Trump pardons dark web kingpin

Sitaram Chamarty

Re: Burdick v. United States, 236 U.S. 79 (1915)

true.

Off the top of my head, Dereck Chauvin's knees were hurt by George Floyd's neck. I'm sure there are other examples.

One third of adults can't delete device data

Sitaram Chamarty

Re: Working Out their Frustrations

umm no, it's not just the sharp bits.

Or at least not without taking out the Li-ion battery first

(and good luck if that is not user-removable).

Speaking from experience: someone I know did this when I was visiting, and they had to hurriedly move the whole thing out into a more "open area" when it started smoking. The stink was horrible, and I'm willing to bet it was quite hazardous.

I can't recall if it burst into flame before or after the smoke though.

systemd begrudgingly drops a safety net while a challenger appears, GNU Shepherd 1.0

Sitaram Chamarty

"The fact is that the name systemd-tmpfiles is not remotely accurate any more."

Well "systemd is an init system" has not been remotely accurate for ever now, so why would anyone think Pottering and his gang of Microsoft sleeper agents would care about systemd-tmpfiles not being a good enough name.

I'm surprised they even care about deletion of files, given their track record on response to user feedback.

Plane tracker app FlightAware admits user data exposed for years

Sitaram Chamarty

Re: SSN?

Same in India, and maybe worse too, because the government makes just enough noises to make people think Aadhaar number is mandatory for various things (e.g., getting a SIM card), but in fact all they need is *some* form of govt ID.

I was asked for my Aadhaar number (aka Modi's version of "papers please" as far as I am concerned) to get a replacement SIM card. I refused and offered my drivers license. The semi-literate chap didn't know what to do and looked to his boss, who -- luckily (for me? for them?) -- seemed to know it was sufficient. But in the course of this episode I got to hear how "everyone gives it" and "he's never heard of anyone having problems with it" and so on.

Chinese chip equipment maker AMEC sues Pentagon for entity list removal

Sitaram Chamarty

a couple of links to such stories please? Preferably something that actually made the news? I definitely did not see *any* mainstream vocalisation of this during the tiktok debates.

Sitaram Chamarty

what happened to the principle of "Reciprocity_(international_relations)"

https://en.wikipedia.org/wiki/Reciprocity_(international_relations)

A young colleague of mine (young compared to me anyway) was mentioning the other day that almost everything about China in re big tech violates this principle.

Opponents of tiktok don't have to argue the actual merits -- they just have to point out that China bans a lot of western apps. Why is this argument not seen anywhere? Neither of us were able to figure out why this is so.

In this specific instance, can any american company that is barred in China sue the MSS or eqvt?

Linux updates with an undo function? Some distros have that

Sitaram Chamarty

systemd a "modest change"?

Huh! I know English is not my first language but I didn't think I was that far off.

Jokes apart, looks like we measure these things differently. An A/B switch only affects a well-known aspect of the system in a specific, well-defined and largely beneficial way. Its definitely not a creeping cthulhu-wannabe that gradually pokes its tentacles into every subsystem that makes Linux tick, whether its needed or not.

Microsoft finds a new way to irritate Windows 11 users – a backup pop-up

Sitaram Chamarty

Re: When will users decide that enough is enough?

not going to happen; stockholm syndrome has set in!

Forget security – Google's reCAPTCHA v2 is exploiting users for profit

Sitaram Chamarty

Re: Why the limited tasks?

> thinks for a moment

if I am not mistaken, *that* is the privacy busting part, where all your existing cookies are being evaluated, JS is being run to grab as much of your past behaviour data as possible, and so on.

Fresh programmer's editor on Linux lies Zed ahead

Sitaram Chamarty

wasn't this the editor that downloaded binary blobs and the author refused to fix it?

yup; a bit of digging found it: https://old.reddit.com/r/programming/comments/1dxmroj/zed_editor_automatically_downloads_binaries_and/

even if I were the kind of young upstart who thinks requiring a GPU for text editing is somehow a good thing, I would probably not touch this one. Way outside the off stump for me, and I honestly think in this day of supply chain risk everyone should seriously think about this.

Crypto scammers circle back, pose as lawyers, steal an extra $10M in truly devious plan

Sitaram Chamarty

anyone who's helped someone deal with ransomware...

anyone who's helped someone deal with ransomware will have developed a visceral hatred of the major enabler -- cryptocurrency.

So, I have less than zero sympathy for anyone who willingly deals with cryptocurrency in any manner -- you're part of the problem, so F you and hope you lose ALL your money.

Julian Assange to go free in guilty plea deal with US

Sitaram Chamarty

am I the only one...

... who at least indirectly blames him (well wikileaks anyway) for Hilary Clinton losing? Not that I like her very much but she would have been orders of magnitude better than the orange turd. At that time he was not in prison; he was still operating wikileaks from his hideout in that embassy. (Sure Comey takes the brunt of the blame for this but this guy had a role to play, no doubt supported by Mother Russia!)

India's IT minister defeated in bid for lower house seat

Sitaram Chamarty

> Probably won't cost him his job

too bad

> meaning India's messy tech to-do list remains his problem

anyone who creates rules like "send us ALL your logs" and "fax is also OK" **is** the problem!

Telegram CEO calls out rival Signal, claiming it has ties to US government

Sitaram Chamarty

Prof Matt Green (Johns Hopkins) has an excellent rebuttal...

Matthew Green of Johns Hopkins has an excellent rebuttal. One of these links should work, and ideally should be added to the main article itself, considering Prof Green's creds in this.

- https://threadreaderapp.com/thread/1789687898863792453.html

- https://nitter.poast.org/matthew_d_green/status/1789687898863792453

- https://web.archive.org/web/20240513112355/https://threadreaderapp.com/thread/1789687898863792453.html

Stack Overflow simply bans folks who don't want their advice used to train AI

Sitaram Chamarty

I swore off SE/SO years ago...

on the parts of SE/SO I used to frequent, there was one egregiously officious "person" (very hard to stay polite but I made it, yaay!) called Schroder (sp?) whose behaviour was so high-handed that -- after a few incidents, each of them minor and inconsequential by itself but not when taken as a pattern -- I deleted my account, deleted as many as I could of my posts and comments, and never looked back.

India's CERT given exemption from Right To Information requests

Sitaram Chamarty

Hardly surprising.

Anyone who's followed the evolution of India's so-called digital privacy legislation will have realised that, from the first version in 2018 to what it looks like today, every revision (approx once/year) has progressively distanced the government itself from any of its provisions.

For people like me, who believe any government is always a bigger threat than any google/microsoft/whatever (if only because you can't choose to walk away from the former like you can the latter), this basically makes the whole thing moot.

I expect FOI to go the same way, adding more and more exceptions every once in a while till it too becomes as meaningless.

Quantum Key Distribution: Is it as secure as claimed and what can it offer the enterprise?

Sitaram Chamarty

Re: my "QKD for managers"

(saw this while cleaning up some bookmarks, yeah I know it's 2 years old)

QKD has no identity component, as in Alice does not know she's talking to Bob; classical crypto has to step to prove that she is

Sitaram Chamarty

Re: my "QKD for managers"

good article, but interception is not the only problem. With sufficient hardware resources, Eve can implement a true MITM -- get between them and relay messages back and forth -- because QKD has no *identity* component.

Sitaram Chamarty

my "QKD for managers"

Here's what I say when a "manager" asks me about QKD:

QKD is a popular and well known method of extracting money from gullible people -- whether it is in the form of grants, startup funding, or outright "product" purchase. In keeping with "quantum" principles, the person being diddled out of his money cannot simultaneously also *know* that he's being diddled.

More seriously, here's some excellent reading for anyone thinking QKD is actually useful: https://crypto.stackexchange.com/questions/51311/what-makes-quantum-cryptography-secure/51314#51314

Our software is perfect. If something has gone wrong, it must be YOUR fault

Sitaram Chamarty

saw title, assumed you were talking about systemd

am I the only one?

Aussies crowdsource a business case for central bank digital currencies

Sitaram Chamarty

Re: Use case

In India, the UPI infrastructure covers your points a, b, and c for domestic transactions. No one takes a cut, not even a small fixed amount, and it is instantaneous -- about the same speed as SMS or at worst a few seconds more.

(International transactions are not covered by this of course)

On point c, much as I hate the "your papers please" nature of India's Aadhaar, not to mention all the security issues it brings, it *has* helped poor people open bank accounts etc.

Also on point c, I do not think cryptocurrency enables the poor any better; most of them are illiterate, and you're talking about a system where **techno-literate** people regularly get scammed out of their savings, with no legal recourse because "immutable".

In short, I'd say "catering to poor people" is a particularly strong reason **not** to go for a cryptocurrency.

Point d is of course completely out, though most people don't care. I've found places where they discourage cash because it is convenient for the merchant to be paid digitally -- which would not be true if any of the banks in between were taking a cut.

Systemd supremo Lennart Poettering leaves Red Hat for Microsoft

Sitaram Chamarty

Re: People are awful

because you didn't "approach" him right :-) (sarcasm there, just to be clear)

I had a boss like this for several years. A very learned man (though I won't list his qualifications). Very smart, mind like a steel trap, and when you meet him as a relative stranger he would be so amazingly friendly and empathetic and all that.

Sadly, none of that applied if you worked with him or for him. He was easily the worst boss I ever had.

Sitaram Chamarty

El Reg continues to be the only place online whose users generally reflect my own well-considered antipathy to Poettering...

Most other forums have a somewhat different ratio of like/hate than here. It is also quite possible that El Reg readers also have a higher average age than the others (and I am sure my contribution to that average is also high!)

One thing you'll often hear is that shell scripts are baroque, hard to debug, and what not. That may well be true, but you can pick another one if you wish. Meanwhile, those same people fail to mention that this "declarative syntax" has hundreds of keywords. Many of them look very similar, with subtle differences that can trip you up. The values are not always intuitive, but even if they are, you had better RTFM to make sure you're using the right one.

How the hell this is supposed to be easier to learn I do not know -- 90% of the help messages I see on systemd get responses that say "use this [boilerplate]".

A shell script is much more immediately understandable without having to refer to manuals.

Sitaram Chamarty

Re: Depart, I say, and let us have done with you.

Very nicely put.

There are three comments in this thread that are worth bookmarking forever, and this is one of them.

India extends deadline for compliance with infosec logging rules by 90 days

Sitaram Chamarty

fax

would be so cool if everyone used fax

(reports printed in the wingdings font only please!)

It's time to kick China off social media, says tech governance expert

Sitaram Chamarty

> by any chance?

by *every* chance!

Open-source leaders' reputations as jerks is undeserved

Sitaram Chamarty

Re: rude maintainers

if it is Qmail they're talking about, DJB is much more well known now for ChaCha/Salsa stream ciphers, Poly1305 MAC, and the Ed25519 replacements for EdDSA. They're pretty much the standard for "NIST/NSA did not have their sticky fingers in this"-cryptography.

Putin threatens supply chains with counter-sanction order

Sitaram Chamarty

Re: You want to play hardball?

speaking of "bunker" reminds me...

I wonder if there's a Downfall parody of this situation (you know, the one with Hitler ranting) already

Cloudflare stomps huge DDoS attack on crypto platform

Sitaram Chamarty

Re: used to surface Decentralized Finance projects to potential investors

I think it's closer to "expose", thinking back to every time I heard that word in various contexts

Putin reaches for nuclear option: Zuckerberg banned

Sitaram Chamarty

Re: Well, damn

I'm sure there are some nice tourist-worthy cathedrals in the areas where those guys live.

Google issues third emergency fix for Chrome this year

Sitaram Chamarty

Re: How happy I am

> So you use two browsers that could potentially have insecurities or flaws

"potentially" is better than *definitely*

Barely 3 weeks before this, we had CVE 2022-0609 (https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ -- you don't even need to click it; the URL says it all)

Meta strikes blow against 30% 'App Store tax' by charging 47.5% Metaverse toll

Sitaram Chamarty

Re: Terrific!

I have to admit... I've hated lots of public figures over the years (heck that's half the reason they *exist* right?). But no one, not Bill Gates, not even Steve Ballmer when he was calling Linux a cancer, nor Bezos in his rocket, nor .... [well you get the idea] has ever generated in me the kind of instinctive, visceral, hatred I feel when I see Zuckerburg's picture anywhere.

"A face only a mother could love" has been a standard phrase in literature and humour for decades, but I suspect in this case even that could be a stretch.

Maybe that's just me...

The first step to data privacy is admitting you have a problem, Google

Sitaram Chamarty

meanwhile...

...for those who would like an immediate solution, I suggest installing NetGuard and setting it to block these apps from being able to send/receive data. I recommend setting it to "whitelist" mode, and allowing only the few apps that *you* know absolutely need network access.

NetGuard is open source; you can get it from f-droid also if, like me, you avoid the plague-store.

US warns Chinese chipmakers: Sell to Russia, suffer Huawei's fate

Sitaram Chamarty

> How is that not "dictating anyone's policy but their own"?

because "suffer Huawei's fate" should actually be read "we won't do business with you", so it is still within it's bailiwick

you got fooled by a symlink :) (if you're a unix/linux guy you know what I mean, if you're not you have my apologies for a crappy joke!)

India's Reserve Bank deputy governor calls for crypto ban

Sitaram Chamarty

his boss said: "no underlying asset -- not even a tulip"

that tulip snark was absolutely awesome!

that really made my day last week

indeed, these guys get it!

Worried about occasional npm malware scares? It's more common than you may think

Sitaram Chamarty

node/npm -- the new php

I'm one of those ultra cynics who consistently refused to let PHP on any internet facing server back when I was working on, and had a say in, such things.

Today I consider the node ecosystem to be just as bad in terms of the effort required (not just one time but on an ongoing basis) to keep it secure.

And I don't think I'm alone. I've often found comments on reddit and elsewhere, where, if someone posts a new tool in nodejs, will respond with "Uggh, node!" or "Node? No!" or similar. This is especially true for apps which don't really need to be written in JS (i.e. could have been written in any other language), although I cannot say if those comments are also driven by security concerns or just a general dislike of JS.

The dark equation of harm versus good means blockchain’s had its day

Sitaram Chamarty

Re: We know it has no future

you certainly appear to miss it... you need a "-e" somewhere, and I *think* the g needs to be next to the trailing "/" :)

Intel's recent Atom, Celeron, Pentium chips can be lulled into a debug mode, potentially revealing system secrets

Sitaram Chamarty

not quite

No idea about windows but at least on Linux, for a normal desktop/laptop using dm-crypt/LUKS, the FDE key is encrypted by a stretched version of a *user supplied* key.

There's nothing "stored [...] on the motherboard", and what is stored on disk needs to be brute forced in order to be of any use.

Waterfox: A Firefox fork that could teach Mozilla a lesson

Sitaram Chamarty

Re: Forks are a sign of success.

Agree.

I should add that there's nothing wrong with removing core features and pushing them into addons if they're reasonably similar. Reducing core is always a good thing.

Sitaram Chamarty

Re: Agree

> not using systemd in the way he envisioned

Or using any *other* software in the way his latest patches expect.

There was an incident with kernel cmdline (debug flag? don't remember) where Linus had to come down hard on this jackass and his minions, if I recall, because the then-latest systemd prevented something that was working before, but these people tried to claim the other guys need to change.

Yeah that was rambling, but this was some years ago so I don't quite recall the details.

Sitaram Chamarty

Re: Palemoon, check. Seamonkey, check.

> Configuring pulse audio to work with these firefox instances running under sudo wasn't easy

huh! I use a sudo based scheme to setup different firefox instances (one for every site I need a login for, and one for others; currently have 11 such userids)

only one of them needs sound, and it was a simple matter of adding that user to the group "audio"; never had to mess with PA networking

India's Supreme Court starts probe into use of Pegasus spyware

Sitaram Chamarty

indeed...

I read it first in https://indianexpress.com/article/explained/pegasus-snoop-allegations-sc-moved-the-needle-on-privacy-press-freedom-govt-security-alibi-7594235/

I particularly liked phrases like "should not take an adversarial position when the fundamental rights of citizens are at threat", "refused to accept the sweeping use of national security to deny information to the court", and several other bits.

Warmed my heart it did!

Git 2.33 released with new optional merge process likely to become the default: It's 'over 9,000' times faster

Sitaram Chamarty

that sqlite guy

...while no doubt brilliant with sqlite, is completely and utterly wrong about rebase.

why he and his ilk continue to confuse "rebase in your private repo before pushing it up for the world to see" with "rebase a published tree and confuse the heck out of the other developers" I could never understand.

It's like saying there should not be a backspace key on the keyboard.

In Search of Lost Time: GNU Grep 3.7 released with fix for 'extreme performance degradation'

Sitaram Chamarty
Thumb Down

ack? NAK!

I was a great fan of ack once upon a time, till one day I nearly lost data to it.

https://groups.google.com/g/ack-users/c/oa82NsPqhvo/m/Y2f0RTnY5dEJ

when someone else ran into similar problems and asked for documentation on how ack chooses what files to search and what files to ignore, the author's reply was "There's no English that explains how it works". https://groups.google.com/g/ack-users/c/rmRt92zBUlk/m/R6s85VhhDLoJ

Still being a fan (but thinking hard about why), I wrote it up, https://groups.google.com/g/ack-users/c/kdlaASvikFo/m/1ObiGm1L_yUJ and asked the author to include it in the docs somewhere. His response? "In my copious free time".

Sure this was back in 2009, but it still rankles. I have a long memory for open source authors who deal like this with users.

Thunderbird 91 lands: Now native on Apple Silicon, swaps 'master' for 'primary' password, and more

Sitaram Chamarty

meanwhile, over on a work-mandated Xubuntu laptop...

...Evolution + Evolution-EWS work fine. No fee to pay, and I get calendar invites too

Sitaram Chamarty

Re: Primary?

indeed it is. In an earlier thread on some other article I had mentioned that I am an India, El Reg is Brit, and in both countries the head (real, not titular) of the government is... wait for it... the *Prime* Minister :-) Can't get more elitist than "head of country"

NSO Group 'will no longer be responding to inquiries' about misuse of its software

Sitaram Chamarty

I wish...

the NSO chief and/or senior officers had attractive twitter handles.

NPM is Now Providing Malware – or was until recently

Sitaram Chamarty

there's supply chain attacks...

and then there's NPM, which is in a whole class by itself in terms of problems.

At least that's the impression my mind carries, from what I remember of various news items over the years. It's bad enough that I won't install any NPM or Node based software on my primary laptop.

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into

Sitaram Chamarty

ETERNALBLUE jealousy

someone in China is jealous of the NSA and how they found and hoarded ETERNALBLUE!

Reserve Bank of India warns against Big Tech's potential to dominate financial services

Sitaram Chamarty

Re: Communist struggle

> I doubt they are particularly concerned about their citizens economic wellbeing.

Let me fix that for you:

"I doubt they are particularly concerned about their citizens wellbeing."

Page: